I was lucky to receive another invitation to a private Facebook event, this time the first ever public event at their new offices at 1 Rathbone Square. The focus this time was on Workplace, an application developed entirely from the London offices of Facebook.

Ben Mathews – Practical Security for Workplace

Workplace is a product that helps people work together. It looks a lot like Facebook, but it’s a tool for people to communicate and share things for their work. The website, mobile apps and colour scheme differ from Facebook (so all your personal information is separated). Workplace places emphasis on groups and chat.

Well known companies using Workplace include Walmart, Starbuck and Heineken. These firms have formally adopted the product, it’s administered centrally and employees are members of the firm’s community while they work there. In other firms, the use of Workplace grows organically – employees can set up an account and invite colleagues to join groups (it’s free to use).

Key features include Live Video (great for presentations and Q&A globally), Workplace Chat (a desktop app neatly integrated into the OS) and Company Dashboard (for admins to look after the community).

Ben’s focus is on security for Workplace. There is a difference emphasis from consumer Facebook, where it’s vital to enable users to get back into their account, so multiple methods are supported, such as email/telephone/photo id/friends. For a workspace account, the account is linked more to the employer than to the person. When they leave the company, they should lose access. The basis is the business email account – if you still have access to your company email account, it is assumed that you still have access to the Workplace account. However, a person may work for multiple firms (e.g. main employer and a non-profit) – these identities are kept separate.

Workplace are working on solving the wider problem of identity, to be able to support people who aren’t sitting at a desk and/or don’t have a company email account, but need to re-gain access to their account. Under consideration are crowd-sourcing security (where your colleagues can confirm your identity so that your password can be reset). A less sophisticated idea is just to allow a manager authenticate their employee using the org chart – but that fails if the manager is unavailable. If you have a company admin, they could block an account when people leave the firm (caveat – confirmation by email that the person no longer has access).

Workplace highlight accounts at risk – Facebook check password dumps (websites that list passwords and accounts that have been compromised), so any matching accounts on Workplace can be notified that the account is at risk. In that case, they advise the user to reset their password (and educate them on the danger of re-using passwords across websites).

Spam Prevention – spam is in the eye of the beholder, the poster may think that a post is useful, but maybe the receiver doesn’t. Some tools exist in Facebook to prevent this – e.g. you can’t invite too many friends to an event. But for Workplace, those limits may not make sense – some global distribution lists are appropriate, such as for firm-wide announcements. Spam limits need to be context dependent – the company may want aggressive/lenient levels for spam filtering. During Hurricane Irma, one firm was posting regularly on Workplace and breached the spam limits, so these needed to be quickly adjusted.

Astha Agarwal & Connor Treacy – Building for the Workplace Platform

Initially, the application was called Facebook at Work – this was widely seen as a bad idea since Facebook was thought of as “not allowed at work”, so when re-launched it became Workplace. The Platform allows customer integration software/bots to be written. There are APIs for user management and group/content management. Bots can plug other tools into the Platform for chat and groups, to power everyday tasks. For example, discussions can be converted into tasks using a bot. They have also created an Interview Bot – to give useful reminders and context for interviews. 3000 companies are already using software integrations into Workplace. Another example is a bot to create groups for flight crews so that they can coordinate last minute changes.

Bots are built on top of the Facebook graph API, and bots in chat are very similar to bots for messenger. This enables developers to move from one codebase to another quickly. Many features are carried over, like quick replies (Yes/No), persistent menus and localisation (to translate bots into different languages).

Bots can act as a person in a group – so bots can like, comment and post. The bot can mention a person in a post so that they get a ping to look at the post. This was demonstrated for a bot that files issues in the bug tracking system when it is mentioned, and pings back to the issue creator to give them the ticket number.

Blaise DiPersia & Lyndsay Watt – Learning to Ship Love

Like any software team, Facebook have to balance Time to Market with Quality of Execution. Facebook’s Values inform their decision making – be bold, create social value, move fast and break things. This approach was initially good because they released exciting new features – but also disoriented some users and sometimes made the infrastructure unstable. Eventually there was a breakdown in user trust and a rift in company unity (between customer support and developers on new features). So “moving fast” was changed to “Shipping Love”, to encompass the delivery and quality together.

Now, tasks are evaluated against Value, Ease of Use and Craft – prioritised in that order (note that the different applications within Facebook such as WhatsApp and Instagram have slightly different emphasis on each of these).

Valuable – does it solve a real problem for a person, in a unique way
Easy to use – core features are easy to find, less common features still discoverable.
Craft – moments of delight and magic, handle failures and edge cases gracefully

Facebook Reactions was a good example of this philosophy. First, it had to be confirmed as a real problem that people wanted to be solved, tested in user focus groups. The team analysed which sticker emojis were used and how many comments were already single phrases. Reactions met all the requirements – value, easy to use and well-crafted – and is one of the most popular new features.